Governance, Risk & Compliance

Sector Programs

Vertical packages for DORA, EASA Part-IS, TISAX/UNECE, NIS2 Digital Infrastructure and Utilities Security Compliance - sector-specific instead of abstract framework consulting.

Overview

Sectoral regimes differ noticeably in scope, evidence and supervisory practice. Abstract framework consulting helps less here than a package that precisely matches the duties and audit practice of your industry. We therefore bundle our services into vertical sector programs that do exactly that.

For the financial sector, DORA is central: ICT risk management, incident reporting, resilience testing and the register of ICT third-party arrangements. In aviation, EASA Part-IS is the trigger: it requires an ISMS aligned with ISO/IEC 27001, with aviation-specific additions, that brings together security management, safety context and physical operational reality.

In automotive and industry, demand shifts to product, supply-chain and software compliance: UNECE R155 requires a cybersecurity management system, R156 a software update management system, and TISAX/VDA-ISA remains the established industry mechanism. For TISAX we provide readiness, gap-closing and supplier enablement - the official assessment itself is reserved for ENX-authorized providers.

For data centers, cloud and managed-service environments we combine the NIS2 requirements for digital infrastructure with the particular maturity and testing demands of these subsectors; where these environments operate close to the financial sector, DORA may additionally apply. For utilities we bundle KRITIS, OT and resilience requirements. Each program references the appropriate sector page.

We deliver each of these services in three stages: as an assessment (baseline and gap analysis), as program build and implementation (structures, measures, evidence) and as ongoing steering - optionally as an interim mandate, fractional lead, evidence office or exercise and audit office. You decide how much responsibility to outsource and where to build your own capacity.

Standards & norms

  • DORA
  • EASA Part-IS
  • TISAX / UNECE R155/R156
  • NIS2 Digital Infrastructure

Frequently asked questions

Why sector-specific packages instead of general consulting?

Because sectoral regimes differ markedly in scope, evidence and supervisory practice. A DORA program for a bank looks different from a Part-IS program for an airport. Sector packages match the actual audit practice.

Do you perform TISAX assessments?

No. Official TISAX assessments may only be performed by ENX-authorized providers. We provide readiness, gap-closing and supplier enablement - the sound preparation that makes the later assessment viable.

What does an aviation program per Part-IS include?

EASA Part-IS requires an ISMS aligned with ISO/IEC 27001, with aviation-specific additions. We bring together security management, safety context, physical operational reality and regulatory interfaces.